
Wired Keyboards "Broadcast" Keystrokes

There was always a concern over wireless keyboards, though good designs have mitigated snooping on their wireless signals. But now it looks like wired keyboards (with poor shielding?) offer no guarantee of privacy.

To determine if wired keyboards generate compromising emanations, we measured the electromagnetic radiations emitted when keys are pressed. To analyze compromising radiations, we generally use a receiver tuned on a specific frequency. However, this method may not be optimal: the signal does not contain the maximal entropy since a significant amount of information is lost.

Our approach was to acquire the signal directly from the antenna and to work on the whole captured electromagnetic spectrum.

If your eyeballs can't cope with the gray-on-gray color scheme of the site, just watch the videos.

This is really interesting and we've heard of it being done in the past with monitors... but it does seem to be rather lab-based at this point (especially based on the videos).

They removed all other sources of interference (monitor, power supply, and even laptop power supply).
They typed extremely slowly.

What happens in a real world situation where you have a monitor and power supply, or potentially multiple computers in a single room with other electronic devices? Can the decode program separate the keystrokes from the noise? If you have multiple keyboards can it distinguish them due to a unique pattern? If a person was typing at 60, 80, or 100wpm would they still be able to sniff the keystrokes?

Right now they've got my interest, but I'm really eager to see the report or real world demonstration footage, before I become really excited about this.

IT Blog: .:Computer Defense:.PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

HTRegz brings up some good points. You guys remember the report that was talking about recording the audio from someone typing it, and analyzing it to determine keystrokes? Whatever happened to that?

As far as looking at the electromagnetic spectrum, [much like the Van Eck devices]... I think there would be a ton of interference in a typical lab setting, where most of the keyboards are the same model.

"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

As far as looking at the electromagnetic spectrum, [much like the Van Eck devices]... I think there would be a ton of interference in a typical lab setting, where most of the keyboards are the same model.

I'd normally agree, except that the keyboard they are testing on appears to be rather old and doesn't look to match any other keyboards that they briefly pass by as they walk around.

IT Blog: .:Computer Defense:.PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

What happens in a real world situation where you have a monitor and power supply, or potentially multiple computers in a single room with other electronic devices? Can the decode program separate the keystrokes from the noise? If you have multiple keyboards can it distinguish them due to a unique pattern? If a person was typing at 60, 80, or 100wpm would they still be able to sniff the keystrokes?

IMO, you all have valid points in regards to the electromagnetic spectrum - I agree.

However, the one thing I wanted to point out was that in the 'real world' situation, with various sources of radiation, especially a CRT monitor, but even small devices like a digital wristwatch all have an accumulative effect... In the real world scenario, the radiation emitted from the keyboard is very small, and would simply be drowned out by all of the other devices, some of which give off a thousand times more electromagnetism.

In a room with a 400W PSU and typical full tower config, monitor and peripherals, printer on standby, radio, TV, Nintendo DS being played in the next room - you would have to be right next to the keyboard/cord to detect the signal needed.

Furthermore, under controlled conditions as in the videos, the radiation from the keyboard would be impossible to detect at a distance; it again would be drowned out by naturally occurring electromagnetism - from the iron in building structures to the rodents that live in them.

CTO

"Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
- Albert Einstein

IMO it really doesn't matter much. Big Brother cannot work. T.M.I and Humans are going to have to interpret the data.

And why would I bother analyzing your keyboard's electronic output when all I have to do is remotely connect to port 445? As mentioned in another thread around here, tons of users have their computers connected directly to the WWW with no firewall. AND lots of them communicate with "secure" systems.